I have a lot of trouble getting flask-recaptcha to work. I basically follow the tutorial here (https://github.com/mardix/flask-recaptcha), but it just doesn't work. Here is my setup.
In __iniy__.py
I do
from flask import Flask
from flask.ext.sqlalchemy import SQLAlchemy
from flask_mail import Message, Mail
from flask.ext.elasticsearch import FlaskElasticsearch
from flask_recaptcha import ReCaptcha
app = Flask(__name__)
app.config.from_pyfile('../config.py')
db = SQLAlchemy(app)
mail = Mail(app)
es = FlaskElasticsearch(app)
recaptcha = ReCaptcha(app=app)
from app import views
now I import recaptcha into views.py and setup some config parameters
from app import db, app, models, mail, es, recaptcha
app.config.update({
'RECAPTCHA_ENABLED': True,
'RECAPTCHA_SITE_KEY': "public",
'RECAPTCHA_SECRET_KEY': "private"
})
and in register.html I include {{ recaptcha }}
. When the form comes in I check for
recaptcha.verify()
but that always gives True. The recaptcha is not even shown on the page? I have registered my domain under google recaptcha and I use the public and private key provided from that site. Instead of using the flask-recaptcha package I can use the snippets provided from the Google recaptcha site and that seems to work fine. I would however prefer to use the standard package?? Also how does recaptcha.verify() distinguish between not verified and not submitted (meaning not clicked on)? any help is appreciated
Progress: Ok I found out that recaptcha is displayed correctly on my website, while under localhost it is not shown at all... I guess this is because localhost is not registered under google recaptcha... very confusing though. Instead one should probably display a message that this domain is not registered... but anyway, I still get
recapcha.verify() = True
even if I do not click on the recaptcha before submission? Do I have to verify that recaptcha has been submitted?